[Openswan Users] net-to-net vpn setup

Vishal Dubey vishal at bbcllc.net
Mon Aug 8 14:55:19 CEST 2005


can someone point me to docs that show how to set up net-to-net using 
openswan 2.4.0dr8 and shorewall?

i am newbie and can use all the help i can get.

my setup

os is fc4 with kernel 2.6.12.3 patched with netfilter+ipsec and policy match
openswan as stated earlier 2.4.0dr8 (it seems to compile when you "make 
programs install" but does not compile KLIPS).
shorewall version is 2.4.2
here is what is happening:

192.168.10.0/24 <---> firewall/vpn <----> internet <---> firewall/vpn <----> 192.168.100.0/24
                      (vangogh 11.11.11.20/24)           (kirchner 12.12.12.5/28)

i generated public/private keys for vangogh and kirchner on a third 
system.

on vangogh i installed the following keys and certs:
vangogh.bbcllc.net.req.key to /etc/ipsec.d/private
vangogh.bbcllc.net.cert.pem to /etc/ipsec.d/certs
kirchner.bbcllc.net.cert.pem to /etc/ipsec.d/certs
cacert.pem to /etc/ipsec.d/cacerts
crl.pem to /etc/ipsec.d/crls

on kirchner the key and files are in their respective directories, including 
cacert.pem and crl.pem. the only thing that is not on kirchner is 
vangogh's .pem file.
*****

i am getting the following error messages in the /var/log/messages file:

Aug  8 09:42:24 vangogh ipsec__plutorun: restarting IPsec after pause...
Aug  8 09:42:34 vangogh rmmod: ERROR: Module af_key is in use
Aug  8 09:42:34 vangogh ipsec_setup: ...Openswan IPsec stopped
Aug  8 09:42:34 vangogh ipsec_setup: Stopping Openswan IPsec...
Aug  8 09:42:35 vangogh ipsec_setup: KLIPS ipsec0 on eth0 11.11.11.20/255.255.255.0 broadcast 11.11.11.255
Aug  8 09:42:35 vangogh racoon: INFO: unsupported PF_KEY message REGISTER
Aug  8 09:42:35 vangogh last message repeated 2 times
Aug  8 09:42:35 vangogh ipsec_setup: ...Openswan IPsec started
Aug  8 09:42:35 vangogh ipsec_setup: Restarting Openswan IPsec U2.4.0dr8/K2.6.12.3-bc-20050805-1...
Aug  8 09:42:35 vangogh ipsec_setup: insmod /lib/modules/2.6.12.3-bc-20050805-1/kernel/net/ipv4/xfrm4_tunnel.ko
Aug  8 09:42:35 vangogh ipsec__plutorun: 003 FATAL ERROR: bind() failed in find_raw_ifaces4(). Errno 98: Address already in use
Aug  8 09:42:35 vangogh ipsec__plutorun: !pluto failure!:  exited with error status 1

please help!



